Related Posts

The Cybersecurity Information Sharing Act (CISA, S. 754) authorizes operation of countermeasures. These could include deployment of hazardous software that can damage external systems, data, and devices. CISA authorizes operation of countermeasures notwithstanding any other law. The limitations on this authorization are insufficient to prevent harms.

New Hampshire became the ninth state to enact legislation reigning in warrantless law enforcement access to location records generated by cell phones and other electronic devices. Location records show where you are and have been, based on communications between your mobile device and the nearest cellular tower, and other electronic location tracking techniques such as GPS. The New Hampshire legislation prohibits the government from obtaining “location information from an electronic device without a warrant issued by a judge based on probable cause and on a case-by-case basis.”

Senators Graham and Whitehouse are circulating draft cybercrime legislation, with several provisions modifying the Computer Fraud and Abuse Act (CFAA) – 18 USC 1030, the primary anti-hacking law of the United States. The draft bill is called the “International Cybercrime Prevention Act of 2015″ and aims to crack down on theft of trade secrets and malicious hacking. Overall, the draft bill would exacerbate, not eliminate, the harshness, over breadth, and confusion with the CFAA.

Last week, the Senate Intelligence Committee passed a version of the Intelligence Authorization Act for FY 2016 (S. 1705) that would create a new “duty to report” apparent “terrorist activity” for providers of electronic communication services, which include online content hosts, internet service providers, and public libraries and coffee shops that offer WiFi access. The ramifications of this provision, which was introduced through a secret, closed-door committee process, are immense.

Wednesday there were two Senate Hearings on encryption and law enforcement access. Despite the fact that only 0.1% of wiretaps last year encountered encryption that could not be deciphered, the FBI has been arguing that it is “going dark” – that, increasingly, they encounter communications they can’t get access to, despite having a warrant. It’s clear from today’s hearings that the tide in the encryption debate has shifted: the FBI stated explicitly that it doesn’t have a proposed solution or a legislative proposal, and is punting to the tech industry to provide solutions. However, they’re asking industry to invent something that is intrinsically impossible.

The recent mass breach of computers at the Office of Personnel Management (OPM) has increased pressure on Congress to act to enhance cybersecurity. However, the OPM hack demonstrates the importance of strengthening the Cybersecurity Information Sharing Act (CISA, S. 754) in two important ways that would not undermine the goals of the legislation.

The scope of the recent hack of the Office of Personnel Management, in which the records of millions of current and former federal employees were breached, is exponentially greater than the many other recent headline-generating breaches in the private sector. This breach not only impacts government employees but countless of their partners, associates, and confidantes, and the stolen information includes some of the most intimate personal details about the individuals affected. It also raises real questions about the government’s ability to safeguard the data in its possession.

“Encryption and anonymity provide individuals and groups with a zone of privacy online to hold opinions and exercise freedom of expression without arbitrary and unlawful interference or attacks.” This is the message that the UN Special Rapporteur on the freedom of opinion and expression, David Kaye, delivered to the UN Human Rights Council today.

There are few civil liberties advocates that are more passionate or effective than Greg Nojeim. In his time at CDT, his tireless work has helped rein in overly intrusive government surveillance, enhance privacy protections online, and make government surveillance a human rights issue globally. CDT and all of those who work with Greg know what an incredible leader he is, and we are thrilled that the American-Arab Anti-Discrimination Committee (ADC) is honoring him with their Ralph Johns Award. He will receive the award tomorrow night at their annual gala.

After weeks of political grandstanding, brash rhetoric, and failed power plays, one of the of the National Security Agency’s most egregious mass surveillance authorities is no more. This is a monumental victory for every American who values their privacy and freedom. While it was easy to get distracted by the posturing that took place in Congress, that’s the real meaning of this reform: our personal thoughts and expressions will not be swept up in a mass dragnet on the off chance they might be useful.